Forums

Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Using Liferay's Permission System from a portlet Jan Kosecki December 4, 2012 4:52 AM
RE: Using Liferay's Permission System from a portlet Jan Geißler December 4, 2012 5:04 AM
RE: Using Liferay's Permission System from a portlet Jan Kosecki December 4, 2012 5:05 AM
RE: Using Liferay's Permission System from a portlet Jan Geißler December 4, 2012 5:10 AM
RE: Using Liferay's Permission System from a portlet Jan Kosecki December 4, 2012 5:16 AM
RE: Using Liferay's Permission System from a portlet Jan Geißler December 4, 2012 5:22 AM
RE: Using Liferay's Permission System from a portlet Jan Kosecki December 4, 2012 5:23 AM
RE: Using Liferay's Permission System from a portlet Jan Geißler December 4, 2012 5:49 AM
RE: Using Liferay's Permission System from a portlet Jan Kosecki December 5, 2012 11:46 PM
RE: Using Liferay's Permission System from a portlet Jan Geißler December 6, 2012 2:21 AM
RE: Using Liferay's Permission System from a portlet Jan Kosecki December 7, 2012 2:51 AM
RE: Using Liferay's Permission System from a portlet Jan Geißler December 7, 2012 2:37 AM
RE: Using Liferay's Permission System from a portlet Jan Geißler December 7, 2012 3:06 AM
RE: Using Liferay's Permission System from a portlet Jan Kosecki December 7, 2012 3:32 AM
RE: Using Liferay's Permission System from a portlet Jan Geißler December 7, 2012 3:54 AM
RE: Using Liferay's Permission System from a portlet Jan Kosecki December 7, 2012 4:26 AM
RE: Using Liferay's Permission System from a portlet Jan Geißler December 7, 2012 4:37 AM
RE: Using Liferay's Permission System from a portlet Jan Kosecki December 10, 2012 4:39 AM
RE: Using Liferay's Permission System from a portlet Jan Geißler December 10, 2012 4:57 AM
RE: Using Liferay's Permission System from a portlet Jan Kosecki December 11, 2012 4:20 AM
RE: Using Liferay's Permission System from a portlet Jan Geißler December 11, 2012 11:54 PM
Jan Kosecki
Using Liferay's Permission System from a portlet
December 4, 2012 4:52 AM
Answer

Jan Kosecki

Rank: New Member

Posts: 16

Join Date: October 29, 2012

Recent Posts

Hi, I've been following the article [url=http://www.liferay.com/web/guest/community/wiki/-/wiki/Main/Using+Liferay's+Permission+System+from+a+portlet]Using Liferay's Permission System from a portlet and did everything what was written there. However, despite I changed permissions only for one portlet, I get "You do not have permission to view this page." for all pages, even the Control Panel. Any idea what caused it and how to solve it?
Jan Geißler
RE: Using Liferay's Permission System from a portlet
December 4, 2012 5:04 AM
Answer

Jan Geißler

Community Moderator

Rank: Liferay Master

Posts: 735

Join Date: July 5, 2011

Recent Posts

Do you have the Problem with tha Admin Account or a User Account? If it's a User account, he may not have the appropiate permissions,
Jan Kosecki
RE: Using Liferay's Permission System from a portlet
December 4, 2012 5:05 AM
Answer

Jan Kosecki

Rank: New Member

Posts: 16

Join Date: October 29, 2012

Recent Posts

The problem occurs fot the test account that has Admin, User, Power User roles
Jan Geißler
RE: Using Liferay's Permission System from a portlet
December 4, 2012 5:10 AM
Answer

Jan Geißler

Community Moderator

Rank: Liferay Master

Posts: 735

Join Date: July 5, 2011

Recent Posts

Any Stacktraces on StdOut?
Jan Kosecki
RE: Using Liferay's Permission System from a portlet
December 4, 2012 5:16 AM
Answer

Jan Kosecki

Rank: New Member

Posts: 16

Join Date: October 29, 2012

Recent Posts

13:48:57,954 ERROR [AdvancedPermissionChecker:705] com.liferay.portal.NoSuchResourceActionException: com.liferay.portal.
model.Layout#UPDATE
com.liferay.portal.NoSuchResourceActionException: com.liferay.portal.model.Layout#UPDATE
at com.liferay.portal.security.permission.ResourceActionsImpl.checkAction(ResourceActionsImpl.java:129)
at com.liferay.portal.security.permission.ResourceActionsUtil.checkAction(ResourceActionsUtil.java:73)
at com.liferay.portal.security.permission.AdvancedPermissionChecker.hasGuestPermission(AdvancedPermissionChecker
.java:638)
at com.liferay.portal.security.permission.AdvancedPermissionChecker.hasPermissionImpl(AdvancedPermissionChecker.
java:686)
at com.liferay.portal.security.permission.AdvancedPermissionChecker.hasPermission(AdvancedPermissionChecker.java
:381)
at com.liferay.portal.security.permission.BasePermissionChecker.hasPermission(BasePermissionChecker.java:62)
at com.liferay.portal.service.permission.LayoutPermissionImpl.contains(LayoutPermissionImpl.java:128)
at com.liferay.portal.service.permission.LayoutPermissionUtil.contains(LayoutPermissionUtil.java:71)
at com.liferay.portal.events.ServicePreAction.servicePre(ServicePreAction.java:1632)
at com.liferay.portal.events.ServicePreAction.run(ServicePreAction.java:147)
at com.liferay.portal.events.EventsProcessorImpl.processEvent(EventsProcessorImpl.java:81)
at com.liferay.portal.events.EventsProcessorImpl.process(EventsProcessorImpl.java:58)
at com.liferay.portal.ee.license.EventsProcessorImpl.process(Unknown Source)
at com.liferay.portal.events.EventsProcessorUtil.process(EventsProcessorUtil.java:53)
at com.liferay.portal.servlet.MainServlet.processServicePre(MainServlet.java:1078)
at com.liferay.portal.servlet.MainServlet.service(MainServlet.java:457)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:72)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.strip.StripFilter.processFilter(StripFilter.java:301)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:
203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.gzip.GZipFilter.processFilter(GZipFilter.java:123)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:
203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.secure.SecureFilter.processFilter(SecureFilter.java:199)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:
203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.autologin.AutoLoginFilter.processFilter(AutoLoginFilter.java:240)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:
203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.sso.ntlm.NtlmPostFilter.processFilter(NtlmPostFilter.java:83)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:
203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:80)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:
203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterCha
in.java:184)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:
203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterCha
in.java:164)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterCha
in.java:164)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:70)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:619)

The same for VIEW and other permissions I've tried to apply.
Jan Geißler
RE: Using Liferay's Permission System from a portlet
December 4, 2012 5:22 AM
Answer

Jan Geißler

Community Moderator

Rank: Liferay Master

Posts: 735

Join Date: July 5, 2011

Recent Posts

Sounds ridicoulus but, have you tried restarting the server?
Jan Kosecki
RE: Using Liferay's Permission System from a portlet
December 4, 2012 5:23 AM
Answer

Jan Kosecki

Rank: New Member

Posts: 16

Join Date: October 29, 2012

Recent Posts

Unfortunately yes, even more then once.
Jan Geißler
RE: Using Liferay's Permission System from a portlet
December 4, 2012 5:49 AM
Answer

Jan Geißler

Community Moderator

Rank: Liferay Master

Posts: 735

Join Date: July 5, 2011

Recent Posts

Does that particular Resource Action exist in the ResourceAction table?
Jan Kosecki
RE: Using Liferay's Permission System from a portlet
December 5, 2012 11:46 PM
Answer

Jan Kosecki

Rank: New Member

Posts: 16

Join Date: October 29, 2012

Recent Posts

What you mean by ResourceAction table? Because it wasn't mentioned in the article and I have no idea what is it.

Well, if you mean by adding line to .properties then I have it.

resource.actions.configs=resource-actions/spdetails.xml

And there exists such folder:

 1<?xml version="1.0"?>
 2<resource-action-mapping>
 3<portlet-resource>
 4    <portlet-name>sp_details</portlet-name>
 5    <supports>
 6        <action-key>VIEW_SPECIAL</action-key>
 7        <action-key>CONFIGURATION</action-key>
 8        <action-key>VIEW</action-key>
 9        <action-key>ADD TO PAGE</action-key>
10    </supports>
11    <community-defaults>
12        <action-key>VIEW_SPECIAL</action-key>
13        <action-key>CONFIGURATION</action-key>
14        <action-key>VIEW</action-key>
15    </community-defaults>
16    <guest-defaults>
17        <action-key>VIEW</action-key>
18        <action-key>View</action-key>
19    </guest-defaults>
20    <guest-unsupported>
21        <action-key>CONFIGURATION</action-key>
22    </guest-unsupported>
23</portlet-resource>
24</resource-action-mapping>
Jan Geißler
RE: Using Liferay's Permission System from a portlet
December 6, 2012 2:21 AM
Answer

Jan Geißler

Community Moderator

Rank: Liferay Master

Posts: 735

Join Date: July 5, 2011

Recent Posts

Actually I meat to take a look at the Database below the portal and check if there is a corresponing Entry in the table...

and is Portlet Name in resource-config the same as in Portlet.xml?
Jan Kosecki
RE: Using Liferay's Permission System from a portlet
December 7, 2012 2:51 AM
Answer

Jan Kosecki

Rank: New Member

Posts: 16

Join Date: October 29, 2012

Recent Posts

Well, it's working now.
It wasn't mentioned in the article that I need to have in the .properties also mapping to default.xml.

Now, when I have:
1 resource.actions.configs=resource-actions/default.xml,resource-actions/default-aux.xml
it works fine.

But I have another question. Is it possible to create one .xml file view list of permissions and include if for couple of portlets? Because everything I found is about giving permissions for specific portlet. And what if I have 4 portlets that should have the same set of permissions. Do I have to double the same ines in every of 4 .xml files?

Also one, I hope last question concerning permission, what is the second and third parameter of the permissionChecker.hasPermission() method?
If I have a portlet for which I'll give "ADD_NEW_CONFIGURATION" permission, which allows to click the button, what should be the arguments of "name" and "primKey"?

1 <c:if test="<% permissionChecker.hasPermission(themeDisplay.getScopeGroupId(), name, primKey, "ADD_NEW_CONFIGURATION"); %>">
2// code for button here
3        </c:if>


Ok, I found that the primKey, when the permission is about whole portlet is just a scopeGroupID. In the case of the name, I should have put the portlet name there or what?
Jan Geißler
RE: Using Liferay's Permission System from a portlet
December 7, 2012 2:37 AM
Answer

Jan Geißler

Community Moderator

Rank: Liferay Master

Posts: 735

Join Date: July 5, 2011

Recent Posts

I don't know to be honest. But to be safe copy those lines emoticon
Jan Geißler
RE: Using Liferay's Permission System from a portlet
December 7, 2012 3:06 AM
Answer

Jan Geißler

Community Moderator

Rank: Liferay Master

Posts: 735

Join Date: July 5, 2011

Recent Posts

for the permission Checker: portletID which would be something like portletName_WAR_warname. Just take a look in the database table: Portlet.
Jan Kosecki
RE: Using Liferay's Permission System from a portlet
December 7, 2012 3:32 AM
Answer

Jan Kosecki

Rank: New Member

Posts: 16

Join Date: October 29, 2012

Recent Posts

Ok, the same can be found in the Control Panel/Plugins Configuration.

Thank you very, vey much for all your patience and answers.
Jan Geißler
RE: Using Liferay's Permission System from a portlet
December 7, 2012 3:54 AM
Answer

Jan Geißler

Community Moderator

Rank: Liferay Master

Posts: 735

Join Date: July 5, 2011

Recent Posts

Hey! We are having the same name, though you are very welcome emoticon
Jan Kosecki
RE: Using Liferay's Permission System from a portlet
December 7, 2012 4:26 AM
Answer

Jan Kosecki

Rank: New Member

Posts: 16

Join Date: October 29, 2012

Recent Posts

So I'll have another question, unfortunately. At the beginning, I thought that everything works fine, because their appear 3 additional permissions for my portlet.



and in the JSP I have code:

1 <% boolean showButton = PortletPermissionUtil.contains(permissionChecker, "my_projects_WAR_tt_besol_myHouse_portlets", "CFP"); %>
2        <c:if test="<%= showButton %>">
3            <a class="btn btnSubmit plus" title="Neue Configuration" href="#"><span><liferay-ui:message key="myprojects.newconfig"/></span> </a>
4        </c:if>


The problem is that the button disappears always, even if, e.g. the guest has permission for CFP. The only account who sees the button is the test account, which is the owner of the portal. Is there something missing that connects account with its permissions?

I checked it also with the "ADD_NEW_CONFIGURATION" and "CFR". It never works.
Jan Geißler
RE: Using Liferay's Permission System from a portlet
December 7, 2012 4:37 AM
Answer

Jan Geißler

Community Moderator

Rank: Liferay Master

Posts: 735

Join Date: July 5, 2011

Recent Posts

Hmmm... Here is what I usually do:
First of all, I hate Java Code in Jsp's (just my strange thinking ;) ) so I went this way:
I made a Taghandler for this. The code in the taghandler is the following:
 1
 2@Override
 3    public int doStartTag() throws JspException {
 4
 5        ThemeDisplay themeDisplay = (ThemeDisplay) pageContext.getRequest().getAttribute(WebKeys.THEME_DISPLAY);
 6        User user = themeDisplay.getUser();
 7        long scopeGroupId = themeDisplay.getScopeGroupId();
 8        long companyId = themeDisplay.getCompanyId();
 9        PermissionChecker checker = themeDisplay.getPermissionChecker();
10        boolean hasPermission = checker.hasPermission(scopeGroupId, name, primKey, actionId);
11        if (var == null) {
12            try {
13                JspWriter out = this.pageContext.getOut();
14                out.println(hasPermission);
15            } catch (IOException e) {
16                this.logger.error(e);
17            }
18        } else {
19            pageContext.setAttribute(var, hasPermission);
20        }
21        this.logger.trace("Leaving doStartTag");
22        if (hasPermission && var == null)  {
23            return EVAL_BODY_INCLUDE;
24        } else {
25            return SKIP_BODY;
26        }
27    }


And this is working perfectly for me...

Long story short:
1
2PermissionChecker checker = themeDisplay.getPermissionChecker();
3        boolean hasPermission = checker.hasPermission(scopeGroupId, name, primKey, actionId);


Try this one. I haven't used PortletPermissionUtil till now...
Jan Kosecki
RE: Using Liferay's Permission System from a portlet
December 10, 2012 4:39 AM
Answer

Jan Kosecki

Rank: New Member

Posts: 16

Join Date: October 29, 2012

Recent Posts

Well, after hours of redeploying the app, it finally appeared that it works with agruments like that:

1permissionChecker.hasPermission(themeDisplay.getScopeGroupId(), portletDisplay.getRootPortletId(), portletDisplay.getResourcePK(), "CRF");


I'm glad that it works now but I wonder why it did not when everything was set like in the articles.

Anyway, thanks for your Tag code. I'll take a closer look at it and try to understand it ( I've never override TagSupport yet ) and probably will try to separate code from view.

Just to be sure, in your code "var" variable is a variable storing the value of parameter given to the tag, is it?

Greetings!
Jan Geißler
RE: Using Liferay's Permission System from a portlet
December 10, 2012 4:57 AM
Answer

Jan Geißler

Community Moderator

Rank: Liferay Master

Posts: 735

Join Date: July 5, 2011

Recent Posts

Nope. Just the other way round ;)

I write the result (in this case true/false) in the page context with the name which is given in var. So if you have something like this:
1
2<osc:hasPermission primKey="${objectGeodata.objectGeodataId}" name="de.osc.geodata.model.ObjectGeodata" actionId="DELETE" var="myVar" />   


you can do this later on:
1
2<c:if test="${myVar}">
3        //do some work here
4    </c:if>


if you do not provide a varName in the tag, you should use it this way:
1
2<osc:hasPermission primKey="${objectGeodata.objectGeodataId}" name="de.osc.geodata.model.ObjectGeodata" actionId="DELETE">
3        <liferay-ui:icon-delete url="${DELETE_URL}" />
4    </osc:hasPermission>
Jan Kosecki
RE: Using Liferay's Permission System from a portlet
December 11, 2012 4:20 AM
Answer

Jan Kosecki

Rank: New Member

Posts: 16

Join Date: October 29, 2012

Recent Posts

I did a bit less complicated tag that displays the block between opening and ending tag if the user has permission given as attribute and it works fine for now emoticon

Does the "resource-actions" folder with the xml-s indised has to be in ROOT/WEB-INF/classes/ or is is possible to place in in portletXXX/WEB-INF/classes/?
Because till now I had
1 resource.actions.configs=resource-actions/default.xml,resource-actions/default-aux.xml
in portal-ext.properties which is placed in ROOT/WEB-INF/classes. And I would like to make the permissions independent from the changes in ROOT folder.
Jan Geißler
RE: Using Liferay's Permission System from a portlet
December 11, 2012 11:54 PM
Answer

Jan Geißler

Community Moderator

Rank: Liferay Master

Posts: 735

Join Date: July 5, 2011

Recent Posts

Actually you would put them in {MyPortletName]/docroot/WEB_INF/src/resource-actions and define it in {MyPortletName]/docroot/WEB_INF/src/portlet.properties.
If I remember correct that's the way how the tutorial is telling you how to do it emoticon
This is the clean way of doing it, because what has the portal to do with your portlets ;)

So long
Jan